Database Reference
In-Depth Information
To determine the number of columns in the result set, access its metadata:
ResultSet rs = s.getResultSet();
ResultSetMetaData md = rs.getMetaData();  // get result set metadata
int ncols = md.getColumnCount();          // get column count from metadata
The third JDBC statement-execution method, execute(), works for either type of
statement. It's particularly useful when you receive a statement string from an external
source and don't know whether it generates a result set. The return value from
execute() indicates the statement type so that you can process it appropriately: if
execute() returns true, there is a result set, otherwise not. Typically, you'd use it something
like this, where stmtStr represents an arbitrary SQL statement:
Statement s = conn.createStatement();
if (s.execute(stmtStr))
{
    // there is a result set
    ResultSet rs = s.getResultSet();
    // ... process result set here ...
    rs.close();  // close result set
}
else
{
    // there is no result set, just print the row count
    System.out.println("Number of rows affected: " + s.getUpdateCount());
}
s.close();  // close statement
2.5. Handling Special Characters and NULL Values in Statements
Problem
You need to construct SQL statements that refer to data values containing special
characters such as quotes or backslashes, or special values such as NULL. Or you are
constructing statements using data obtained from external sources and want to prevent
SQL injection attacks.
Solution
Use your API's placeholder mechanism or quoting function to make data safe for
insertion.
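The JDBC example below is an addition to this page, not code from the original text. It shows the placeholder mechanism handling a quote, a backslash, NULL, and a hostile string. The demo_profile table, its columns, and the three command-line connection arguments are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Types;

public class PlaceholderDemo {
    // Insert one row; every data value travels as a bound parameter, never as SQL text.
    static int insertRow(Connection conn, String name, String color) throws SQLException {
        String sql = "INSERT INTO demo_profile (name, color) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            if (color == null) {
                ps.setNull(2, Types.VARCHAR);  // SQL NULL, not the string "NULL"
            } else {
                ps.setString(2, color);
            }
            return ps.executeUpdate();
        }
    }

    // Count rows whose name equals a value supplied by an untrusted source.
    static int countByName(Connection conn, String name) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "SELECT COUNT(*) FROM demo_profile WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // args: JDBC URL, user, password for a test server (assumptions, supply your own)
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2]);
             Statement s = conn.createStatement()) {
            // Hypothetical scratch table, dropped automatically when the session ends.
            s.executeUpdate("CREATE TEMPORARY TABLE demo_profile (name VARCHAR(40), color VARCHAR(20))");
            insertRow(conn, "De'Mont", "blue");    // value with an embedded quote
            insertRow(conn, "back\\slash", null);  // value with a backslash, plus a NULL
            // Constructed hostile input: it is compared as a literal string, not parsed as SQL.
            System.out.println(countByName(conn, "x' OR '1'='1"));
            System.out.println(countByName(conn, "De'Mont"));
        }
    }
}
```

Because the statement text is fixed and only the parameter values vary, the hostile string cannot change the structure of the WHERE clause.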